I Built My Own Tunneling Platform
I spent three days polishing a web app on my laptop. It looked perfect. Then I tried testing it on my phone. Everything broke.
Local development gets messy when you need a second device. Sharing a local IP fails because of firewalls and HTTPS certificate issues.
I tried Ngrok. It works, but the free tier drops connections. The URLs also look terrible. Random strings like a1b2-34-56.ngrok-free.app are bad for sharing with clients or teams.
I wanted a tunnel with clean, readable URLs. So I built my own.
I combined a custom tunnel with a URL shortener. I added AI to create smart slugs and built in security protections.
The tech stack: • Tunnel / Proxy: Django Channels, Daphne, WebSockets, Python & Node.js CLI • Frontend: Next.js, TailwindCSS, Shadcn/UI • Backend: Django 5, Graphene GraphQL • Database: PostgreSQL (Neon) • Auth: JWT, bcrypt • AI: Google Gemini • Security: MaxMind GeoLite2, Google Safe Browsing API
How it works:
- Bi-directional WebSocket tunneling. A local CLI agent connects to a Django server to forward HTTP requests.
- Race-condition protection. I use Django F() expressions for atomic updates to keep analytics accurate.
- Non-blocking telemetry. Lookups for location and OS run in background threads to keep latency low.
- AI slugs. Gemini reads the target URL to create a meaningful slug instead of random text.
- Proactive security. I block private IP ranges and run Google Safe Browsing checks before saving any link.
The backend and tunneling logic are stable. The frontend is still a work in progress.
I am currently studying for exams at IITM. I am pausing new features to focus on my studies. Instead of letting the code sit, I am opening it for review.
I need your feedback on a few things:
- Latency: How can I keep redirects under 10ms at high scale?
- Security: What is the best way to harden SSRF mitigation?
- Scalability: Should I use WebSockets or TCP for long-lived tunnels?
- Observability: Which metrics should I track for tunnel health?
If you have experience with proxy workers or system design, please share your thoughts.
Full system design breakdown: [Link] Codebase: [Link]
How do you handle testing mobile permissions during local development? Do you use third-party tunnels or custom tools?
Source: https://dev.to/zallu/my-ngrok-urls-got-so-ugly-i-built-my-own-tunneling-platform-instead-59d
